Black Box ET0010A User Manual

EncrypTight User Guide
ETKMSs distribute the keys and policies to the PEPs
VLAN ID ranges enable filtering based on VLAN ID tags (optional)
NOTE
If you do not include a VLAN ID or range in the policy, all Ethernet traffic is selected for enforcement.
Policy Generation and Distribution
This section outlines how the elements of EncrypTight work together to generate and distribute policies and keys. While an actual deployment might be significantly more involved than the examples used, the concepts remain the same. Figure 47 illustrates the basic generation and distribution of policies and keys within EncrypTight.
Figure 47: Policy generation and distribution
When you deploy the policies, the ETPM sends a metapolicy to each ETKMS. The metapolicy contains 
all of the information regarding each policy including the action (encrypt, clear, or drop), the required 
ETKMSs, the lifetime of the policy, the PEPs that enforce the policies, and what kind of traffic the policy 
acts on. Each ETKMS generates the required keys and sends the appropriate policies along with the 
shared keys to each of its PEPs. 
When two or more PEPs are controlled by the same ETKMS, that ETKMS generates the shared keys for 
the PEPs. 
 illustrates key generation and distribution when one ETKMS controls multiple PEPs 
required to enforce an encryption policy.
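
The flow described above, reduced to a small Python model for the case where one ETKMS controls every PEP in a policy. This is an added illustration, not EncrypTight code or its policy format: the field names, the 32-byte random key, the first-match rule and the sample deployment are all assumptions.

```python
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Policy:                      # one entry of the metapolicy (field names assumed)
    name: str
    action: str                    # "encrypt", "clear" or "drop"
    lifetime_s: int
    etkmss: Tuple[str, ...]        # ETKMSs required by the policy
    peps: Tuple[str, ...]          # PEPs that enforce it
    vlan_range: Optional[Tuple[int, int]] = None   # None = all Ethernet traffic

    def selects(self, vlan_id: Optional[int]) -> bool:
        if self.vlan_range is None:
            return True            # no VLAN ID or range: every frame is selected
        lo, hi = self.vlan_range
        return vlan_id is not None and lo <= vlan_id <= hi

class ETKMS:
    def __init__(self, name, peps):
        self.name, self.peps = name, set(peps)

    def deploy(self, metapolicy):
        """Return {pep: [(policy, key), ...]}: what this ETKMS sends to each PEP."""
        sent = {pep: [] for pep in sorted(self.peps)}
        for pol in metapolicy:
            if self.name not in pol.etkmss:
                continue
            if not set(pol.peps) <= self.peps:
                raise ValueError("PEPs under other ETKMSs are outside this model")
            # One shared key per encrypt policy, generated once by the ETKMS.
            key = secrets.token_bytes(32) if pol.action == "encrypt" else None
            for pep in pol.peps:
                sent[pep].append((pol, key))
        return sent

def enforce(installed, vlan_id):
    """Action a PEP applies to a frame; first matching policy wins (assumed)."""
    for pol, _key in installed:
        if pol.selects(vlan_id):
            return pol.action
    return None                    # no installed policy selects the frame

# Constructed sample deployment: one ETKMS controlling two PEPs.
METAPOLICY = [
    Policy("finance", "encrypt", 86400, ("etkms1",), ("pep-a", "pep-b"), (100, 199)),
    Policy("rest", "clear", 86400, ("etkms1",), ("pep-a", "pep-b")),
]
SENT = ETKMS("etkms1", ["pep-a", "pep-b"]).deploy(METAPOLICY)
```

Both PEPs end up holding the same key for the "finance" policy, and the policy without a VLAN range catches every frame the first one does not select, including untagged traffic.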